Adding IAM Group to aws-auth configmap in AWS EKS

泄露秘密 submitted on 2020-06-28 07:19:45

Question


The aws-auth configmap in AWS EKS performs a mapping between IAM users/roles and Kubernetes RBAC roles. However, the documentation does not specify anything on adding IAM groups to the configmap.

We use multiple namespaces, each namespace managed by a different team. I created a set of Kubernetes RBAC roles, limited to the different namespaces. Now I want to give everybody in the team's IAM group that specific role.

Is it possible to add IAM groups in the aws-auth configmap? If not, what would the proposed solution be? Create an IAM role per team and allow only members of the IAM group the permission to assume that role?


Answer 1:


You can take a look here.

TLDR
1. Create a role that allows full API access
2. Create a RoleBinding for that role to your target namespace with a named apiGroup as the subjects.
3. Add an entry for your IAM user in the aws-auth ConfigMap to add the mapUser to the named aforementioned apiGroup.

Hope this helps!
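
The three steps in the answer above, written out as manifests. This is an added example, not part of the original answer; the namespace `team-a`, the Kubernetes group name `team-a-devs`, the account ID `111122223333`, the user `alice` and the role `team-a-eks` are constructed placeholders. The `groups` field names a Kubernetes RBAC group, not an IAM group; the `mapRoles` entry shows the per-team IAM role the question proposes.

```yaml
# Step 1: Role allowing full API access, scoped to one namespace (placeholder: team-a)
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: team-a-full-access
  namespace: team-a
rules:
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["*"]
---
# Step 2: RoleBinding in the target namespace with a named group as the subject
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team-a-full-access
  namespace: team-a
subjects:
  - kind: Group
    name: team-a-devs              # Kubernetes group name (placeholder)
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: team-a-full-access
  apiGroup: rbac.authorization.k8s.io
---
# Step 3: aws-auth entries that place IAM principals in that Kubernetes group.
# Merge these into the existing ConfigMap; replacing it wholesale would drop
# the worker-node role mapping already present under mapRoles.
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapUsers: |
    - userarn: arn:aws:iam::111122223333:user/alice   # constructed ARN
      username: alice
      groups:
        - team-a-devs
  mapRoles: |
    # Alternative from the question: one IAM role per team, assumable only
    # by members of the team's IAM group (that restriction lives in IAM).
    - rolearn: arn:aws:iam::111122223333:role/team-a-eks   # constructed ARN
      username: team-a:{{SessionName}}
      groups:
        - team-a-devs
```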



Source: https://stackoverflow.com/questions/55455125/adding-iam-group-to-aws-auth-configmap-in-aws-eks
